[routing-wg] AS12679 -- 206.195.224.0/19
Ronald F. Guilmette
rfg at tristatelogic.com
Mon Jan 27 08:36:43 CET 2020
In message <20200127071712.GN36653 at vurt.meerval.net>,
Job Snijders <job at ntt.net> wrote:

>Hold on a second, are you sure there ever *was* a request to change who
>controls this legacy block? I am not so sure.
>
>I suspect what happened is that the 'thriftdrug.org' domain name
>registration expired, and the alleged thief registered thriftdrug.org...

Nope. I have already looked at the ARIN WhoWas report. Here are the
relevant records, with date stamps:

https://pastebin.com/raw/M3fDR7nh

>> But from where I am sitting it does appear that there was exactly and
>> only -zero- review of this take-over request.
>
>There was no take-over request, I'd call this impersonation or a
>compromised account.

I agree that "impersonation" occurred. I *do not* agree that this was
enabled by any kind of account compromise. Furthermore, I have no reason
to believe that suddenly, after a couple of decades of utter dormancy,
someone just guessed the account password needed to take control over
this ARIN WHOIS record. (And in this instance I apply Occam's razor.)

>> I mean that it appears that absolutely *nothing* was done in the way
>> of vetting in this case. The age of the new contact domain... which
>> would have been a BIG red flag... quite apparently wasn't checked.
>
>Have you considered asking ARIN to take the 'domain name creation' date
>into consideration when usernames are retrieved or passwords are reset?
>Perhaps there are some simple heuristics that can be applied to improve
>the password reset process.

Thank you for a nice laugh Job!

No, I have not suggested to ARIN how to do their jobs in this kind of a
context. And no, I *do not* think that I should even have to suggest
that such factors should be considered when giving someone control over
a nice juicy legacy block that has sat dormant for a couple of decades.
Nor do I think that -I- should have to suggest such a step to the ARIN
folks for the simple reason that it is JUST TOO EFFING OBVIOUS... a fact
which this present case renders even more bloody obvious than it already
was.

>ARIN has a fine working process to publicly log enhancement requests
>called the 'ACSP' https://www.arin.net/participate/community/acsp/

Gee. Thanks Job. I just love to spend time jumping through mindless
bureaucratic hoops, just so that I can claim the privilege of informing
some folks of what should have been bloody obvious to those same folks
from the get-go anyway.

>ARIN would not be unique in having trouble preventing account
>compromises when the control over the domain name falls in the wrong
>hands.

See above. That's not what happened in this case.

Regards,
rfg